Infractal 2 Posted February 28, 2015

Is there a roadmap for adding TLS 1.2 support for SSL inspection? I would also like to see the following forward secrecy ciphers supported to match the Win8.1/10 schannel stack, along with the ability to configure the cipher and protocol config on clients so I can do things like disable RC4 ciphers for my enterprise clients.

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

ESET Moderators Peter Randziak 1,223 Posted March 5, 2015

Hello, TLS 1.2 is supported by our implementation of SSL Protocol checking. Do you have any particular issues with it with the current Internet protection module? P.R.

Infractal 2 Posted March 6, 2015 Author

After doing a bit more digging, I am noticing that browsers are behaving differently. Qualys tests against IE11 doing SSL inspection show TLS 1.2 support, but Firefox 36 is only going up to TLS 1.1. Is cipher customization a possibility? I'd really like to get those RC4 ciphers pulled out.

ESET Moderators Solution Peter Randziak 1,223 Posted March 6, 2015

Hello, yes, you are right; support for TLS 1.2 in Firefox will be included in Internet protection module 1181+ (not available for users yet). We will release this module gradually for users, but we do not have any time frame specified yet. P.R.

chrcoluk 2 Posted May 18, 2015

You have ignored his question: why can you not add cipher control to the settings? Also support for HSTS hxxp://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security, Public Key pinning hxxp://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning, plus manual verification of certificates. I think the HTTPS interception is messy and goes against good security practices. It's better to just make it so LiveGrid can work without live http/https interception.